REMARKS 

[0002] Applicant respectfully requests reconsideration and allowance of all 
of the claims of the application. Claims 9-14, 17-23, and 33-35 are presently 
pending, Claims amended herein are 9-10, 12-13, 17-20, 22-23 and 33. No 
claims have been withdrawn or cancelled by this Amendment. New claims 34-35 
have been added by this Amendment. 

Formal Request for an Interview 

[0003] If the Examiner's reply to this communication is anything other than 
allowance of all pending claims, or if the Examiner should have questions 
regarding the invention or the location in the specification of support for any 
claim elements, then I formally request an interview with the Examiner. I 
encourage the Examiner to call me— the undersigned representative for the 
Applicant—so that we can discuss this matter so as to resolve any outstanding 
issues quickly and efficiently over the phone. 

[0004] Please contact me to schedule a date and time for a telephone 
interview that is most convenient for both of us. While email works great for me, 
I welcome your call as well. My contact information may be found on the last 
page of this response. 

Claim Amendments and Additions 

[0005] Without conceding to the propriety of the rejections herein and in the 
interest of expediting prosecution, Applicant amends claims 9-10, 12-13, 17-20, 
22-23 and 33 herein. Applicant amends these claims to clarify the claimed 
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features. Such amendments are made to expedite prosecution and to more 
quickly identify allowable subject matter, and should not be construed as further 
limiting the claimed invention in response to the cited references. 

[0006] Furthermore, Applicant has added new claims 34-35 herein, which 
are directed towards the same invention as claims 9-14, 17-23 and 33. These 
new claims are fully supported by the Application and therefore do not constitute 
new matter. New claim 34 and amended dependent claim 13 are supported, for 
example, at FIG. 13 and paragraph 0069 of the published present Application 
(US2005/0091213). Similarly, new claim 35 is supported, for example, at 
paragraph 0037. 
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Substantive Matters 
Claim Rejections under § 103 

[0007] Claims 9-14, 17-23 and 33 stand rejected under § 103. For the 
reasons set forth below, the Examiner has not made a prima facie case showing 
that the rejected claims are obvious. Accordingly, Applicant respectfully requests 
that the § 103 rejections be withdrawn and the case be passed along to 
issuance. 

[0008] The Examiner's rejections are based upon the following references in 
combination: 

• Botz: Botz, eta/., US Patent Publication No. 2003/0177388 
(published March 15, 2002); 

• Kao: Kao, eta/., US Patent No. 6,651,168 (issued January 29,1999); 
and 

• Axel: Axel, eta/., US Patent Publication No. 2004/0139355 
(Published November 7, 2002). 

Overview of the Application 

[0009] The Application describes a technology for logging a user on to a 
local machine using one or more credentials that are translated with one of a 
plurality of different credential provider modules initialized with a logon user 
interface. Each credential provider module translates a corresponding different 
type of credential into a common credential protocol. The translated credential is 
communicated through a logon UI module to an operating system (OS) of a local 
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machine. An OS logon module is called by the logon UI module to authenticate 
the translated credential against a credential database. A user identified by the 
translated credential is logged on to access the local machine when the 
authentication is successful. 



Cited References 

[OOiO] The Examiner cites Botz as the primary reference in the anticipation- 
and/or obviousness-based rejections. The Examiner cites Kao and Axel as 
secondary references in the obviousness-based rejections. 

Botz 

[0011] Botz teaches a technology for authenticated identity translation 
based on a trust relationship between multiple user identification and 
authentication services resident on different computing units of a multiple 
computing unit environment. The technology includes recording user 
identification and authentication events occurring within the trusted domain, and 
making this information available to other computing units within the domain by 
generating tokens representative of the identification and authentication events. 
A token is forwarded with a request to one or more computing units of the 
domain, which in turn provide the token to a domain controller to translate user 
identities between respective computing units. 
Kao 

[0012] Kao teaches a technology for an authentication framework 
subsystem that enables a computer system to authenticate a user with a 
selected one of a plurality of authentication processes. Each of the 
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authentication processes has a distinct sequence of steps and a unique 
input/output (I/O) interface for exchanging authentication information with the 
computer system. The invention includes an authentication framework in the 
computer system, An application program interface in the authentication 
framework provides an interface to an I/O component, such as a graphical user 
interface (GUI), of the computer system. A plurality of authentication modules 
interface with the framework. Each module has a conversation function driver 
defining a programmed sequence of steps to authenticate a user with a distinct 
authentication process. 

Axel 

[0013] Axel includes a method of accessing a plurality of network elements 
with at least one network element management program running on at least one 
element manager. The method comprises the steps of capturing a username and 
a password within the network element management program and submitting 
the captured username and password to each of the plurality of network 
elements so as to effect administrative address privileges for each of said 
plurality of network elements without re-capturing said username and said 
password. The purpose of the method is to capture the username and password 
of the user in order to log the user into individual network elements without 
having to reenter his username and password. 
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Obviousness Refections 



Lack of Prima Facie Case of Obviousness ( MPEP 5 2142) 

[0014] Applicant respectfully disagrees with the Examiner's obviousness 
rejections. Arguments presented herein point to various aspects of the record to 
demonstrate that all of the criteria set forth for making a prima facie case have 
not been met. 

Refections Based upon Combination of Botz with Kao 

[0015] Claims 9-11, 13-14, 17-19, 21-23 and 33 stand rejected under 35 
U.S.C. § 103(a) as being unpatentable over Botz combine with Kao. Applicant 
respectfully traverses the rejection of these claims, and asks the Examiner to 
withdraw the rejection of these claims for the following reasons. 

Independent Claims 9, 17 and 22 

[0016] Applicant submits that the combination of Botz with Kao does not 

teach or suggest at least the following elements as recited in independent claim 

9 (with emphasis added): 

...initializing, by a native operating system (OS) on a local 
machine, a logon user interface (UI); 

initializing with the logon UI on the local machine a 
plurality of different coexisting credential provider 
modules, each for translating respectively different 
types of credentials into a common credential 
protocol, the common credential protocol being 
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compatible with the native OS of the local machine, 
each said credential provider module enabling a user 
to log on with the native OS on the local machine via 
the logon UI to access the local machine using one of 
a plurality of corresponding different input devices 
that are capable of being in communication with the 
local machine.... 

Thus, according to this aspect of Applicant's invention, a plurality of different 
coexisting credential provider modules are initialized with the logon user 
interface. Each credential provider module is used for translating respectively 
different types of credentials into a common credential protocol that is 
compatible with the native OS of the local machine. Further, each of the 
different credential provider modules enables a user to log on with the native OS 
on the local machine via the logon UI to access the local machine using one of a 
plurality of corresponding different input devices that are capable of being in 
communication with the local machine. 

[0017] The Office Action states at Page 3, that Botz does not explicitly 
disclose a plurality of different input devices. The Office Action further indicates 
at Page 3 that Kao discloses a local machine capable of being in communication 
with a plurality of different input devices, citing FIG. 1A and col. 8, lines 22-26 
and 38-48 of Kao. However, the recited portions of Kao fail to teach or suggest 
initializing with the logon UI on the local machine a plurality of different 
coexisting credential provider modules, each for translating respectively different 
types of credentials into a common credential protocol, the common credential 
protocol being compatible with the native OS of the local machine , as recited in 
Applicant's claim 9. Instead, Kao is directed to an authentication framework 200 
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that teaches that external APIs 214, 214' and 214" within the authentication 
framework are exposed to interfaces 202, 204 and 206, respectively, for all 
authentication-related operations within the authentication framework 200 (col. 
8, lines 22-32). Thus, instead of teaching Applicant's method in which a plurality 
of different credential provider modules are initialized with a logon UI at the local 
machine for translating different types of credentials to a common credential 
protocol, Kao teaches multiple interfaces 202, 204 and 206 that communicate 
with APIs 214, 214' and 214". For example, at col. 9, lines 30-44, Kao teaches 
that the APIs 214, 214', 214" include conversation functions and interpreter 
processors. Thus, Kao's interfaces 202, 204, and 206 perform no translation 
function for translating different credential types to a common credential 
protocol, unlike the plurality of different coexisting credential provider modules 
initialized with the logon UI of Applicant's claim 9. 

[0018] In view of the foregoing, Applicant respectfully submits that neither 
Botz, nor Kao teaches or suggests initializing, with the logon UI on the local 
machine, a plurality of different coexisting credential provider modules, each for 
translating respectively different types of credentials into a common credential 
protocol , the common credential protocol being compatible with the native OS of 
the local machine, each said credential provider module enabling a user to log on 
with the native OS on the local machine via the logon UI to access the local 
machine using one of a plurality of corresponding different input devices. 
Consequently, as neither of these references teaches or suggests this feature of 
Applicant's invention, the combination thereof also cannot teach or suggest this 
feature. Axel is cited as being relevant to the subject matter of claims 12, 20 
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and 23, and provides no teachings regarding the subject matter of claim 9. 
Accordingly, Applicant respectfully asks the Examiner to withdraw the rejection of 
claim 9. 



[0019] Independent claims 17 and 22 include limitations similar to those 
discussed above with respect to claim 9, and are allowable under a similar 
rationale. 



Independent Claim 33 

[0020] Independent claim 33 includes limitations similar to those discussed 

above with respect to claim 9, and is allowable under a similar rationale. In 

addition, claim 33 includes (with emphasis added): 

...receiving a first credential from the user at a first said 
input device in communication with the local machine; 

receiving a second credential from the user at a 
second said input device in communication with the 
local machine; 

translating the first credential into the common credential 
protocol using a first one of the credential provider modules 
corresponding to the first input device that is in 
communication with the local machine; 

translating the second credential into the common 
credential protocol using a second one of the 
credential provider modules corresponding to the 
second input device that is in communication with 
the local machine; 
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using a component of the OS to authenticate the translated 
first credential and second credential having the common 
credential protocol against a credential database; and 

logging the user on with the OS to access the local 
machine when the authentication of both the first 
credential and the second credential is successful. 

According to this aspect of Applicant's invention, both first and second 
credentials are received and translated by first and second credential provider 
modules, respectively. The logging on of the user with the OS is performed 
when authentication of both the first credential and the second credential is 
successful. 

[0021] The Office Action asserts on Page 14 that this aspect is taught by 
Botz at par. 0094 and par. 0099-0106, and by Kao at col. 9, line 66 through col. 
10, line 10; col. 8 line 64-67. However, Applicant respectfully submits that none 
of the cited portions of Botz or Kao teach or suggest a method using a first 
credential translated by a first credential provider module and a second 
credential translated by a second credential provider module, that includes 
logging the user on with an OS on a local machine when the authentication of 
both the first credential and the second credential is successful. For example, 
the cited portion of Botz at par. 0094 teaches that the AIT domain server 
accesses policy information about both the request server and the initial 
authentication server. However, this is not the same as receiving a first 
credential from a user and a second credential from a user, translating these 
credentials to a common credential protocol using respective first and second 
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credential provider modules, and logging the user on with the OS when 
authentication of both the first credential and the second credential is successful. 



[0022] Similarly, Kao at col, 8, lines 64-67 only teaches that a smart card 
222 is plugged into the smart card reader 220 and a user's DCE ID and password 
is stored in the smart card. The user needs to be authenticated by the smart 
card and its smart card authentication module 210. Then, the authentication 
framework 200 can retrieve the user's DCE ID and password from the smart card 
and use them to sign the user on. Thus, this portion of Kao does not teach a 
first credential translated bv a first credential provider module and a second 
credential translated by a second credential provider module , as recited in 
Applicant's claim 33. Accordingly, as neither of these references teaches or 
suggests this feature of Applicant's invention, the combination thereof also 
cannot teach or suggest this feature. Axel is cited as being relevant to the 
subject matter of claims 12, 20 and 23, and provides no teachings regarding the 
subject matter of claim 33. Thus, Applicant respectfully submits that claim 33 is 
allowable over the Botz, Kao, Alex and the other art of record, whether taken 
singly, or in combination. 



Independent Claim 34 

[0023] New independent claim 34 includes limitations similar to those 
discussed above with respect to claim 9, and is allowable under a similar 
rationale. In addition, claim 34 includes (with emphasis added): 
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initializing one or more pre-logon access provider 
(PLAP) modules at the local machine coexisting with 
said credential provider modules, each PLAP module 
being interoperable with the OS of the local machine 
for enabling the user to select a logon connection 
type out of a plurality of logon connection types for 
establishing a network connection; 

receiving a first said credential from the user at a first one of 
said input devices in communication with the local machine; 

translating the first credential with a first one of said 
credential provider modules corresponding to the first input 
device that is in communication with the local machine; 

establishing by a selected one of said PLAP modules 
a network connection from the local machine to a 
domain using the translated first credential. .. 

Thus, according to this aspect of Applicants invention, one or more pre-logon 
access provider (PLAP) modules are initialized at the local machine, coexisting 
with said credential provider modules , each PLAP module being interoperable 
with the OS of the local machine for enabling the user to select a logon 
connection type out of a plurality of logon connection types for establishing a 
network connection. Applicant respectfully asserts that none of the art of record 
teaches or suggests this aspect of Applicant's invention. Accordingly, Applicant 
respectfully submits that new claim 34 is allowable over Botz, Kao, Alex and the 
other art of record, whether taken singly, or in combination. 
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Independent Claim 35 



[0024] New independent claim 35 includes limitations similar to those 

discussed above with respect to claim 9, and is allowable under a similar 

rationale. In addition, claim 35 includes (with emphasis added): 

...allowing a user to choose one of said plurality of 
different types of input devices to be used for logging 
on.... 

Thus, according to this aspect of Applicants invention, the user is able to choose 
which of a plurality of different types of input devices the user will use to log on 
to the local machine. Applicant respectfully asserts that none of the art of record 
teaches or suggests this aspect of Applicant's invention. Accordingly, Applicant 
respectfully submits that new claim 35 is allowable over Botz, Kao, Alex and the 
other art of record, whether taken singly, or in combination. 

Dependent Claims 

[0025] In addition to its own merits, each dependent claim is allowable for 
the same reasons that its base claim is allowable. Applicant requests that the 
Examiner withdraw the rejection of each dependent claim where its base claim is 
allowable. 
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Conclusion 



[0026] All pending claims are in condition for allowance. Applicant 
respectfully requests reconsideration and prompt issuance of the application. If 
any issues remain that prevent issuance of this application, the Examiner is 
urged to contact me before issuing a subsequent Action . Please call or 
email me at your convenience. 

Respectfully Submitted, 

Lee & Hayes, PLLC 
Representatives for Applicant 

/Colin D. Barnitz/ Dated: 8/6/2008 

Colin D. Barnitz f colin@ieehaves.com ; 512-505-8167) 
Registration No. 35061 

Emmanuel Rivera r emmanuel@leehaves.com : 512-505-8162) 
Registration No. 45760 

Customer No. 22801 

Telephone: (512) 505-8167 
Facsimile: (509) 323-8979 
www.leehayes.com 
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